Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

After Minecraft, here's Mumble.
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

After Minecraft, here's Mumble.

lifehomelifehome Member
in Help

Any idea how to protect a mumble server away from being DDoS-ed? Is it the same method like protecting minecraft servers? GRE?

I have deployed a live Mumble server, under a private environment, while considering my server have some... "controversial" topics, my guess on publishing it will attract quite an amount on attacks. So I'm here to seek for ideas on protecting it... :meh:

Comments

  • DewlanceVPSDewlanceVPS Member, Patron Provider

    Change port to other port and close all default ports. (If allowed to change port)

  • lifehomelifehome Member
    edited June 2015

    @DewlanceVPS said:
    Change port to other port and close all default ports. (If allowed to change port)

    I suppose the port is public info for users to connect...? (While Mumble do not support SRV record...)

  • BoltersdriveerBoltersdriveer Member, LIR

    Yes, you can use the same mechanism to protect Mumble servers using GRE tunnel as well. If you have a service with someone here which provides DDoS protection, you can tunnel through that. Application uses TCP for control packets and UDP for voice. When doing iptables rules you can do something like below where it is protected:

    iptables -A INPUT -p tcp -m tcp --dport 64738 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 64738 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d <destination host - your protected IP> --dport 64738 -j DNAT --to-destination <tunnel ip>:64738
iptables -A FORWARD -p tcp -d <tunnel ip> --dport 64738 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -p udp -d <destination host - your protected IP> --dport 64738 -j DNAT --to-destination <tunnel ip>:64738
iptables -A FORWARD -p udp -d <tunnel ip> --dport 64738 -j ACCEPT
    Thanked by 1ehab
  • lifehomelifehome Member

    @Boltersdriveer said:
    SNIP

    Thanks for the generous information, seems my question now turns to "which of the DDoS protection service got HK covered"...

  • W3HostingServicesW3HostingServices Member

    We can offer you DDoS protection to GRE tunnel your Mumble server using a low end VPS. Please open a ticket at https://w3hostingservices.com/submitticket.php and we can discuss further.

  • lifehomelifehome Member

    @W3HostingServices said:
    We can offer you DDoS protection to GRE tunnel your Mumble server using a low end VPS.

    Thanks again, but my server is located at Hong Kong, Buffalo is a bit... too far for me to cover the latency thing with?

Sign In or Register to comment.